Privacy News Roundup: Government Snooping in the Free World

Privacy advocates in the United Kingdom got the unfortunate opportunity to say “we told you so” last week, following revelations that nearly 1,000 civil servants working at the UK government’s Department for Work and Pensions had been disciplined for accessing citizens’ private and confidential data, including criminal records, employment histories and social security details. More than 150 of those data breaches occurred at the Department for Health, an agency tasked with providing health services – and maintaining all UK medical records.

The unsettling news came to light after reporters with an investigative television broadcast series filed Freedom of Information requests and published their findings.

As ZDNet’s Zack Whittaker shrewdly points out, the most disconcerting aspect of this rampant leakage is that it wasn't caused by a system malfunction, but rather active exploitation at the hands of “the very people we supposedly trust with our data.”

Not Guilty? Met Police Can Still Snoop Through Your Cell Phone

Metropolitan Police in 16 London boroughs are now employing technology to instantly extract mobile phone data from suspects in custody. The upgrade allows police to access call history, texts and phone contacts, while eliminating the need for a forensic examination that used to take several weeks.

A particularly glaring problem with this new policy is that police will continue to retain the mobile phone data regardless of whether charges are brought, according to a BBC report. Privacy International has characterized the new policy as a “possible breach of human rights law,” arguing that since it’s already illegal to indefinitely retain DNA profiles from detainees, sensitive mobile phone data should be held to the same standard. Another worry springing out of the new policy: Extracting mobile phone data at a police station is just a heartbeat away from doing the same during a stop-and-search on the street.

FBI Cozying Up with Europol on Cybersecurity

The European Union is actively seeking closer collaboration with the United States Department of Homeland Security (DHS) to fight cyber crime. In fact, EU Home Affairs Commissioner Cecilia Malmström recently went so far as to say, “EU-U.S. cooperation is not a choice, but a necessity.” She then predicted the success of joint cybersecurity operations between the FBI and Europol. Malmström added that she has been working closely with DHS Secretary Janet Napolitano on joint cyber crime initiatives as part of a working group that's planning “a fully fledged EU-U.S. cyber exercise” in 2014.

“Yesterday, I had the opportunity to follow the work of the FBI and I was impressed by how advanced they are,” Malmström noted. “This has reinforced my view that we should continue to deepen transatlantic cooperation against cyber threats.” Her comments were delivered on May 2 in Washington, D.C., at the Transatlantic Cyber Conference, organized by the Center for Strategic and International Studies, the European Security Roundtable and SRA International.

Land of #OzLog: Data Retention Back on the Agenda in Australia

“OzLog” is shorthand for a proposed mandatory data retention policy the Australian government has been toying with the idea of implementing, despite popular backlash. Patterned after the notorious European Directive on Data Retention, the proposal would require Internet service providers Down Under to store information about customers’ web usage history for two full years.

Dormant for months, it was looking as though OzLog would make a comeback in recent weeks as part of a broader surveillance monstrosity taking shape under Australia’s Federal Attorney-General, Nicola Roxon. To flesh out the plan, the government sought feedback on ideas such as: “increase powers of interception; make it easier for [the Australian Security Intelligence Organization] to break into computers and computer networks, including those of third parties not targeted in warrants; [facilitate] the prosecution of anyone who names an ASIO officer; and [implement OzLog],” according to Crikey, an Aussie news outlet.

Fortunately, opposition to the proposed surveillance scheme is mounting. Australia’s Parliamentary Joint Committee on Intelligence and Security rejected the plan’s terms of reference last week, sending it back to the drawing board. And Sen. Scott Ludlam, a spokesperson for the Australian Greens, expressed bitter opposition, saying: “This is the idea that all our personal data should be stored by service providers so that every move we make can be surveilled or recalled for later data mining. It is premised on the unjustified paranoia that all Australians are potential criminal suspects.”

Hey, Teachers! Leave Those Kids Alone!

High school students in the Australian state of Queensland who lack their own computers are given government-issued laptops to take home with them from school – but they come with a hidden price. A recent news report revealed that “screen spy” monitoring software run by the AB Tutor Client Program quietly takes time-stamped screenshots, monitors printing, and logs visits to websites and keystrokes. Students’ online activity is monitored even when they are working at home, and one mother complained that a screenshot had been taken of her daughter’s Skype conversation. During class, teachers can remotely control the computers.

Despite the uproar that was unleashed when parents and civil liberties advocates discovered the extent of the laptop monitoring, officials with Education Queensland, the governmental department responsible for running the schools, stuck by the practice. Responding to questions from the press, Queensland Education Minister John-Paul Langbroek noted that parents had signed an agreement disclosing that online communications could be audited and traced back to students. He then delivered a line that is often repeated but known by privacy advocates to be completely wrongheaded. “If they've done nothing wrong,” he said, “they've got nothing to fear.”

In Canada, Telcos Got Inside Track On Surveillance Bill

Several weeks before Canada’s controversial online surveillance legislation, Bill C-30, was introduced, major telecommunication companies partnered with government officials to develop a secret forum on “Lawful Access,” the deceptive term used to describe governmental interception of online activity and information. The closed-door collaboration was revealed in documents obtained via Canada’s Access to Information Act (the equivalent of the U.S.’s Freedom of Information Act), according to Michael Geist, a law professor at the University of Ottawa. News of the secret meeting served to clear up confusion as to why Canada’s telcos stayed mum on C-30 when it reached the height of controversy earlier this year.

After Bill C-30 had formally entered the approval process, government officials continued to work with telcos behind the scenes to respond to their concerns — such as whether they would receive “adequate compensation” in exchange for providing subscriber information, according to the released documents.

As Geist points out, the behind-the-scenes collaboration essentially “created a two-tier approach to Internet surveillance policy, granting privileged access and information for telecom providers.” Though it’s on the back burner for now, Bill C-30 nevertheless remains in legal limbo, with Public Safety Minister Vic Toews promising that it will be sent to committee for further study.
